Hackers now have easy access to 600 million Samsung Galaxy smartphones due to a preinstalled SwiftKey keyboard on devices running S3 or higher, including the new S6 launched in April this year.

This bug was discovered by Ryan Welton from NowSecure, a cybersecurity firm, according to Fox News. Through the SwiftKey function, which cannot be uninstalled, hackers can create a spoof proxy server and send fake updates to the devices if the phone owners are using insecure or public Wi-Fi. In addition, the hackers can eavesdrop on messages and phone calls, as well as access personal pictures and text messages, and install harmful apps or tamper with existing ones.

After he discovered the vulnerability, Welton and NowSecure reported it to Samsung in late 2014. Although Samsung created patches to fix the problem, because many phone carriers delay updating their phones for indeterminate periods of time, it is unknown how many phones are still in the danger zone, Fox News reported.

In its defense against NowSecure’s accusations and the release of its findings, Samsung declared that NowSecure did not completely notify them of the full extent of the security system’s vulnerability.

In order to avoid falling prey to possible hackers, NowSecure recommends that Samsung Galaxy smartphone users avoid insecure Wi-Fi or using public channels for their Wi-Fi, and lobby their cell phone providers to fix the issue, according to CNN Money.